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REMARKS 



Claims 1-36 are currently pending in the patent 
application. The Examiner has objected to the drawings, has 
rejected Claims 10-27 under 35 USC 112 as indefinite; and, 
h as rejected Claims 1-36 under 35 USC 103 as unpatentable 
over Coley in view of Belissent. 

in response to the rejection of the drawings, 
Applicants submit herewith replacement drawings which do not 
include the objectionable line and ink forms. Formal 
versions of the replacement drawings will be submitted once 
the drawings have been approved by the Examiner. 

With regard to the rejection of Claims 10-18 and 19-27 
are redundant based on Claims 1-9, Applicants herein submit 
amendments to Claims 10-27 to address the redundancy 



concern* 



The Examiner has rejected all of the claims as being 
unpatentable over the combined teachings of Coley and 
Belissent. Applicants first note that the effective date of 
the Belissent patent is after the date of the invention of 
the present invention by Applicants. Applicants can submit 
a Declaration of Prior Invention, but will not submit one at 
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this time, since Applicants believe that the invention is 
patentably distinct from the cited references. 

The present application teaches and claims apparatus, a 
xuethod, a processor, and a program storage device for data 
processing wherein bit streams of data exchanged between a 
network resource server and a data network are passed 
through a network processor. The network processor monitors 
the data flow rate of data passing through it. A first 
derivative of the data flow rate is computed to determine 
the rate of change of the data flow rate and actions are 
taken based upon the rate of change of the data flow rate. 
Actions taken include selectively discarding data flowing 
toward the network resource server (Claims 28-35), or 
modifying instructions loaded into the instruction memory in 
response to the determined rate of change (Claims 1-27 and 
36) . 

Applicants respectfully assert that the invention as 
claimed is not rendered obvious by the cited references. 
The Coley patent is directed to a firewall system for 
protecting network elements connected to a public network. 
The firewall (210 of Fig. 2) is disposed between the network 
(202) and the network elements (216 and 218) to be 
protected. Additionally disposed between the firewall and 
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the computer network is a so-called "publicly accessible 
system" including a web server, port and e-mail. The 
Examiner contends that the firewall 210 is analogous to the 
claimed network processor coupled to a network server (see: 
the top of page 4 of the Office Action) . The Examiner cites 
the illustrated firewall 210 and the teachings found in Col. 
7 against the claimed network processor comprising a 
plurality of interface processors, instruction memory, data 
memory and a plurality of input/output (hereinafter "I/O") 
ports. However, the Coley patent clearly teaches in Col. 7 
that the firewall is an application. Coley does not teach 
or suggest that its firewall 210 has a plurality of 
processors, instruction memory and data memory and a 
plurality of I/O ports. 

Further, the Examiner states that the one of the I/O 
ports is for exchanging data passing through the network 
processor, citing 206 as the network processor, with an 
external network. The Examiner has, therefore, cited two 
different components of the Coley system, firewall 210 and 
the "publicly accessible system" 206 (including the web 
server and e-mail system) , against the network processor of 
the claims. Moreover, the Coley component 206 with its 
"internal network port" is not part of the firewall system 
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and does not operate under the direction of interface 
processors which are part of a firewall, since Coley does 
not teach or suggest that the firewall comprises interface 
processors . 

Applicants further assert that the Coley patent does 
not teach or suggest the claimed feature of monitoring data 
flow addressed to the network server and modifying 
instructions based on the data flow, as the Examiner 
concludes at the bottom of page 4 and top of page 5 of the 
Office Action. What the cited teachings of Coley describe, 
at Col. 6, lines 5-20, is that the firewall application 
provides proxies to verify incoming access requests to 
ascertain if the requester is authorized to access the 
network components behind the firewall. Coley does not 
teach or suggest that the incoming data rate be monitored 
nor does Coley teach or suggest taking actions based on a 
data flow rate of change derived from the data flow rate. 
Packet filtering as taught by Coley in Col. 6, at lines 
48-50 does not teach or suggest modifying instructions. 
Moreover, the cited line 65 from Col. 7, simply mentions a 
set of verification tests, which does not teach or suggests 
a step or means to modify instructions. 
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The Examiner has acknowledged, at the top of page 5, 
that the Coley patent does not teach or suggest monitoring 
the rate of data flow addressed to a network resource 
server, deriving data flow rate over time to determine the 
rate of change of data flow, and modifying instructions 
based on the derived data flow rate over time. The Examiner 
has cited the Belissent patent which teaches a method for 
thresholding and throttling client connection requests to 
prevent denial of service (DoS) attacks. Applicants first 
note that one having ordinary skill in the art would not 
look to modify the Coley patent with the teachings of the 
Belissent patent. Since Coley provides a firewall to 
prevent unauthorized users from obtaining access to the 
network components located behind the firewall, no attacker 
would have access to the network components to flood the 
components with requests in such a way as to cause a DoS 
situation. Denial of Service (DoS) attacks are directed 
against publicly accessible components, and operate by 
flooding the publicly accessible components (e.g., the web 
server of 206 in Coley) with requests to overwhelm the 
server. Since Coley does not allow unauthorized requests to 
get past the firewall, there would be no way for a DoS 
attacker to get the requests past the firewall. 
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Accordingly, there would be no reason for Coley to modify 
its firewall to include a component which determines a 
connection request rate in accordance with the teachings of 
Belissent . 

Moreover, Applicants believe that even if one were to 
modify Coley with Belissent, one would not arrive at the 
invention as claimed. Since neither Belissent nor Coley 
teaches computing the derivative of a monitored data flow 
rate to determine a rate of change of data flow, and since 
neither teaches taking action based on a determined rate of 
change of data flow, it cannot be concluded that a Coley 
system having a Belissent connection request flow 
thresholding component would obviate the invention as 
claimed. If one were to modify Coley to include a component 
for determining a connection request rate at its firewall, 
one would still not have means or steps for monitoring the 
rate of data flow addressed to the network resource server, 
at least one interface processor component computing a 
derivative of data flow rate over to time determine the rate 
of change of data flow and for either modifying instructions 
or discarding data based on the determined rate of change of 
data flow. Accordingly, Applicants conclude that the 

YOR920010054-US1 "19- 



page 20/27 • RCVD AT 3/772005 4:46: 1 1 PM [Eastern Standard Time] ' SVR:USPTO-EFXRF-1/3 ' DNIS:8729306 * CSID:9 14982 1973 " DURATION <mm-ss):08-26 



Mar< 07 05 04 : 22p. 



flMHE V - DOUGHERTY 



9 14962 1373 



P . 2 1 



Serial No. 10/30>O99 
Art Unit yerl^23l6 

Examiner has not established a prima facie case of 
obviousness . 

Based on the foregoing amendments and remarks, 
Applicants respectfully request entry of the amendments, 
reconsideration of the amended claim language in light of 
the remarks, withdrawal of the rejections, and allowance of 

the claims. 

Respectfully submitted/ 
C. S. Lingafelt, et al 



By: LL 



Anne Vachon 'Dougher^* / 
Registration No. 30/3^4^/ 
Tel. (914) 962-5910 
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